Windows Security : Domain Login Credentials on similar Domains

Hi there...

We have 2 sites, 1 in the UK, 1 in the USA, with 2 separate LANS, and 2 separate domains.
They are however linked by a VPN tunnel, but both have their own Active Domains.

We have 1 SharePoint site at the UK location.

We need to allow a USA user access to the UK SharePoint site.
I have therefore added a new user to our UK AD.

I can login to the SharePoint site from the UK with these new credentials, but when the user on the USA LAN tries, her laptop (Windows 7) switches the login username domain to her own domain.

EG

UK domain : OUR-COMPANY
USA domain : OUR-COMPANY_USA

The user should be logging in as :
OUR-COMPANY\JoannaSmith

Although she types this into her laptop in the Windows Security dialogue box,
underneath the username is still keeps
DOMAIN : OUR-COMPANY_USA

I'm assuming because she is on the OUR-COMPANY_USA domain, and the domains are so similar, that Windows auto-fills the domain and assumes it to be OUR-COMPANY_USA.

Is there a way of forcing it to OUR-COMPANY domain in these circumstances?

Thanks
HICTAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lruiz52Commented:
It may be easier to create a two way trust between the two domains.

http://technet.microsoft.com/en-us/library/cc778851(v=ws.10).aspx
0
SandeshdubeySenior Server EngineerCommented:
In order to add users in AD from one domain another domain either to computers/groups/AD,then you need to use AGDULP method. Also, add the DNS suffix in the clients NIC for faster domain location.

-Add the User Accounts to Global Groups> Global Groups to Universal Group> Universal Groups to Domain Local Groups > Domain Local Groups to the group you want to assign the permission.http://technet.microsoft.com/en-us/library/bb742592.aspx

Accessing resources across forests
http://technet.microsoft.com/en-us/library/cc772808(v=ws.10).aspx

You need to create trust for this:http://technet.microsoft.com/en-us/library/cc756852%28WS.10%29.aspx
0
Rich RumbleSecurity SamuraiCommented:
Right, a trust would make using one login able to work where ever you allow it to. So the USA login would work because you trust the USA domain user, and gave them permission.
But to answer your question, if the user put's the domain in front, even if it's very similar to the other, it should try that one. There are a two ways you can write the domain monikers, have them try:
username@usa_domain
But that should work just as well as usa_domain\username
When the login fails with a certain domain, windows does try the default/current domain.
-rich
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.